chore(release): dummy

.github/actions/gke-login/action.yml

@@ -42,4 +42,6 @@ runs:
     run: chmod 600 $KUBECONFIG
   - name: Check credentials
     shell: bash
-    run: kubectl auth can-i create deployment
+    run: |
+      kubectl auth can-i create deployment
+      kubectl version

.github/actions/workflow-vars/action.yml

@@ -13,7 +13,6 @@ inputs:
       Define a ttl for the lifespan of the deployment
     required: false
     default: ""
-    type: string
   identifier-base:
     description: The fixed string in the identifier of the deployment it could be PR number or another specified name.
   chart-dir:
@@ -35,17 +34,13 @@ runs:
     shell: bash
     run: |
       # Generate workflow vars.
-      rand_gen() {
-        python -c "import random, string; print(''.join(random.SystemRandom().choice(string.ascii_lowercase + string.digits) for _ in range(20)))"
-      }
-
       is_pr() {
         echo ${{ github.event.pull_request.number }} | grep -q .
       }
 
       # NOTE: We should use the matrix job id var once it's available.
       # https://github.com/orgs/community/discussions/40291
-      GITHUB_WORKFLOW_JOB_ID=$(rand_gen | cut -c 1-6)
+      GITHUB_WORKFLOW_JOB_ID=$(uuidgen | head -c 6)
 
       echo "Env vars:"
 
@@ -65,7 +60,7 @@ runs:
         TEST_NAMESPACE="${TEST_NAMESPACE}-upgrade"
       fi
 
-      echo "TEST_NAMESPACE=${TEST_NAMESPACE}" | tee -a $GITHUB_ENV
+      echo "TEST_NAMESPACE=$(echo ${TEST_NAMESPACE} | head -c 63)" | tee -a $GITHUB_ENV
 
       echo "Output vars:"
 
@@ -90,7 +85,8 @@ runs:
       # In the upgrade flow, the latest released chart for certain minor Camunda version will installed,
       # then upgraded from the PR branch to ensure upgradability.
       if [[ "${{ inputs.setup-flow }}" == 'upgrade' ]]; then
-        git fetch origin main:main --no-tags
+        test "$(git branch --show-current)" != "main" &&
+          git fetch origin main:main --no-tags
         TEST_CHART_VERSION="$(git show main:charts/${{ inputs.chart-dir }}/Chart.yaml | yq '.version')"
         echo "TEST_CHART_VERSION=${TEST_CHART_VERSION}" | tee -a $GITHUB_ENV
 

.github/config/release-please/.release-please-manifest.json

@@ -1,6 +1,6 @@
 {
-  "charts/camunda-platform-8.2": "8.2.28",
-  "charts/camunda-platform-8.3": "8.3.13",
-  "charts/camunda-platform-8.4": "9.3.6",
-  "charts/camunda-platform-latest": "10.1.0"
+  "charts/camunda-platform-8.2": "8.2.30",
+  "charts/camunda-platform-8.3": "8.3.15",
+  "charts/camunda-platform-8.4": "9.3.8",
+  "charts/camunda-platform-latest": "10.3.0"
 }

.github/config/release-please/release-please-config.json

@@ -1,7 +1,7 @@
 {
   "release-type": "helm",
-  "group-pull-request-title-pattern": "Release Camunda Platform Helm Chart",
-  "pull-request-title-pattern": "Camunda Platform Helm Chart ${component}/${version}",
+  "group-pull-request-title-pattern": "chore(release): Camunda Platform Helm Chart",
+  "pull-request-title-pattern": "chore(release): Camunda Platform Helm Chart ${component}/${version}",
   "extra-label": "automation/release-please,release/pr,kind/chore,chart/camunda-platform",
   "skip-github-release": true,
   "separate-pull-requests": false,
@@ -10,13 +10,17 @@
   "draft": false,
   "packages": {
     "charts/camunda-platform-latest": {
-      "component": "camunda-platform-latest",
-      "extra-label": "version/8.5",
+      "package-name": "camunda-platform-8.5",
+      "extra-label": "version/8.5,automation/release-please,release/pr,kind/chore,chart/camunda-platform",
+      "component": "camunda-platform",
+      "include-v-in-tag": false,
       "changelog-path": "CHANGELOG.md"
     },
     "charts/camunda-platform-8.4": {
-      "component": "camunda-platform-8.4",
-      "extra-label": "version/8.4",
+      "package-name": "camunda-platform-8.4",
+      "extra-label": "version/8.4,automation/release-please,release/pr,kind/chore,chart/camunda-platform",
+      "component": "camunda-platform",
+      "include-v-in-tag": false,
       "changelog-path": "CHANGELOG.md",
       "extra-files": [
         {
@@ -27,8 +31,10 @@
       ]
     },
     "charts/camunda-platform-8.3": {
-      "component": "camunda-platform-8.3",
-      "extra-label": "version/8.3",
+      "package-name": "camunda-platform-8.3",
+      "extra-label": "version/8.3,automation/release-please,release/pr,kind/chore,chart/camunda-platform",
+      "component": "camunda-platform",
+      "include-v-in-tag": false,
       "changelog-path": "CHANGELOG.md",
       "extra-files": [
         {
@@ -39,8 +45,10 @@
       ]
     },
     "charts/camunda-platform-8.2": {
-      "component": "camunda-platform-8.2",
-      "extra-label": "version/8.2",
+      "package-name": "camunda-platform-8.2",
+      "extra-label": "version/8.2,automation/release-please,release/pr,kind/chore,chart/camunda-platform",
+      "component": "camunda-platform",
+      "include-v-in-tag": false,
       "changelog-path": "CHANGELOG.md",
       "extra-files": [
         {

.github/config/rosa-on-demand/distribution-team/.gitignore

@@ -0,0 +1 @@
+secret.yaml

.github/config/rosa-on-demand/distribution-team/external-cluster-secretstore.yaml

@@ -0,0 +1,21 @@
+---
+apiVersion: external-secrets.io/v1beta1
+kind: SecretStore
+metadata:
+  name: k8s-store-token-auth
+spec:
+  provider:
+    kubernetes:
+      remoteNamespace: distribution-team
+      server:
+        url: REPLACE_ME # the url will be dynamically replaced in .github/workflows/test-integration-rosa.yaml using `yq`
+        caProvider:
+          type: Secret
+          name: "external-clusters-access-secret-store-token"
+          key: "ca.crt"
+          namespace: distribution-team
+      auth:
+        token:
+          bearerToken:
+            name: "external-clusters-access-secret-store-token"
+            key: "token"

.github/config/rosa-on-demand/distribution-team/external-secret.yaml

@@ -0,0 +1,23 @@
+# clone the widlcard certs secrets from the permanent cluster
+
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: external-secret-ci-distro-ultrawombat-com
+  namespace: camunda-platform
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    kind: SecretStore
+    name: k8s-store-token-auth
+  target:
+    name: ci-distro-ultrawombat-com  # name of the k8s Secret to be created
+  data:
+  - secretKey: tls.crt
+    remoteRef:
+      key: ci-distro-ultrawombat-com
+      property: tls.crt
+  - secretKey: tls.key
+    remoteRef:
+      key: ci-distro-ultrawombat-com
+      property: tls.key

.github/config/rosa-on-demand/distribution-team/kustomization.yaml

@@ -0,0 +1,15 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+commonAnnotations:
+  camunda.com/team: distribution
+
+commonLabels:
+  app.kubernetes.io/managed-by: kustomize
+
+namespace: distribution-team
+
+resources:
+  - secret.yaml
+  - external-cluster-secretstore.yaml
+  - external-secret.yaml

.github/config/rosa-on-demand/distribution-team/secret.yaml.tpl

@@ -0,0 +1,14 @@
+# Use envsubst https://stackoverflow.com/a/56009991
+# envsubst < secret.yaml.tpl > secret.yaml
+# This secret is templated in .github/workflows/test-integration-rosa.yaml#L228
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: external-clusters-access-secret-store-token
+data:
+  ca.crt: "$EXTERNAL_SECRET_STORE_SA_CA"
+  service-ca.crt: "$EXTERNAL_SECRET_STORE_SA_SERVICE_CA"
+  namespace: ZGlzdHJpYnV0aW9uLXRlYW0=
+  # Get it from distro-central cluster.
+  token: "$EXTERNAL_SECRET_STORE_SA_TOKEN"

.github/config/rosa-on-demand/external-dns/.gitignore

@@ -0,0 +1,2 @@
+secret.yaml
+charts

.github/config/rosa-on-demand/external-dns/kustomization.yaml

@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+commonAnnotations:
+  camunda.com/team: distribution
+
+commonLabels:
+  app.kubernetes.io/managed-by: kustomize
+
+namespace: external-dns
+
+resources:
+- ./secret.yaml

.github/config/rosa-on-demand/external-dns/secret.yaml.tpl

@@ -0,0 +1,10 @@
+# Use envsubst https://stackoverflow.com/a/56009991
+# envsubst < secret.yaml.tpl > secret.yaml
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: external-dns-gcp-service-account
+data:
+  # Get it from distro-central repo.
+  credentials.json: "$EXTERNAL_DNS_GCP_SERVICE_ACCOUNT"

.github/config/rosa-on-demand/kustomization.yaml

@@ -0,0 +1,15 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+# Description: this is a template cluster that is used each time we spawn an "on-demand" ROSA HCP cluster in the CI
+#              it extends the default configuration of the generic on-demand ROSA cluster with specific values set by the workflow
+
+commonAnnotations:
+  camunda.com/team: distribution
+
+commonLabels:
+  app.kubernetes.io/managed-by: kustomize
+
+resources:
+- ./external-dns
+- ./distribution-team

.github/config/rosa-on-demand/test-integration-rosa-matrix.yaml

@@ -0,0 +1,24 @@
+matrix:
+  distro:
+    # /!\ BEFORE ADDING/REMOVING A VERSION:
+    # /!\ Please keep this matrix synced with the official documentation: https://github.com/camunda/camunda-docs/blob/main/docs/self-managed/setup/deploy/openshift/redhat-openshift.md?plain=1#L2
+    # According to https://access.redhat.com/support/policy/updates/openshift, this matrix should reference the last 4 (may change) supported versions of OpenShift
+    - name: OpenShift 4.15
+      type: openshift
+      # renovate: datasource=endoflife-date depName=red-hat-openshift versioning=regex:^4(\.(?<minor>\d+))?(\.(?<patch>\d+))?$
+      version: 4.15.11
+      # /!\ Warning: When a new minor version of OpenShift is released, you must update all N-1, N-2, and N-3 versions in this matrix.
+      # rationale: Red Hat supports the last four minor versions of OpenShift. Therefore, to ensure compatibility and support, we must test against these versions. For more details, refer to the official support policy at https://endoflife.date/red-hat-openshift.
+      platform: rosa
+    - name: OpenShift 4.14 # TODO: when you will add to this matrix OpenShift 4.16, please duplicate this block for 4.15 (pay attention the the renovate regex)
+      type: openshift
+      # renovate: datasource=endoflife-date depName=red-hat-openshift versioning=regex:^4.14(\.(?<patch>\d+))?$  
+      version: 4.14.24
+      platform: rosa
+  scenario:
+    - name: Chart Setup
+      desc: Setup chart in production-like setup with Ingress and TLS.
+      flow: install
+    - name: Chart Upgrade
+      desc: Upgrade chart from the latest released version to the current branch.
+      flow: upgrade

.github/config/test-integration-matrix.yaml

@@ -0,0 +1,33 @@
+matrix:
+  distro:
+    - name: Kubernetes
+      type: kubernetes
+      platform: gke
+      secret:
+        cluster-name: DISTRO_CI_GCP_GKE_CLUSTER_NAME
+        cluster-location: DISTRO_CI_GCP_GKE_CLUSTER_LOCATION
+        workload-identity-provider: DISTRO_CI_GCP_WORKLOAD_IDENTITY_PROVIDER
+        service-account: DISTRO_CI_GCP_SERVICE_ACCOUNT
+      if: ${{ contains(inputs.platforms, 'gke') }}
+    - name: OpenShift
+      type: openshift
+      platform: rosa
+      secret:
+        server-url: DISTRO_CI_OPENSHIFT_CLUSTER_URL
+        username: DISTRO_CI_OPENSHIFT_CLUSTER_USERNAME
+        password: DISTRO_CI_OPENSHIFT_CLUSTER_PASSWORD
+      if: ${{ contains(inputs.platforms, 'rosa') }}
+  scenario:
+    - name: Chart Setup
+      desc: Setup chart in production-like setup with Ingress and TLS.
+      flow: install
+      if: ${{ contains(inputs.flows, 'install') }}
+    - name: Chart Upgrade
+      desc: Upgrade chart from the latest released version to the current branch.
+      flow: upgrade
+      if: ${{ contains(inputs.flows, 'upgrade') }}
+  exclude:
+    - distro:
+        if: false
+    - scenario:
+        if: false